Thales Blog

Enhanced Privacy and Confidentiality using Thales and Google Workspace Client side-encryption

June 14, 2021

Emmanuel Bout Emmanuel Bout | Business Development Manager Cloud Security, Thales More About This Author >

Thales is expanding its partnership with Google Workspace to enhance secure access to cloud environments and are excited to announce that its CipherTrust Cloud Key Manager and SafeNet Trusted Access have been integrated with Google Workspace Client-side encryption (beta coming soon), a new privacy and confidentiality offering for Google Workspace users.

The need for enhanced privacy and confidentiality

In a world of digital transformation, cloud providers and enterprises are looking for stronger cloud security and compliance. With many countries developing strict data security regulations, such as GDPR and Schrems II in Europe, CCPA in the United States, Notifiable Data Breaches (NDB) in Australia, and LGPD in Brazil, the regulatory landscape is becoming increasingly complex for organisations to navigate. What’s more, with three-quarters of global organisations planning to keep part of their workforce remote after the pandemic, there is an increasing need for a solution that can work and adapt to the regulatory framework wherever they may operate.

Google Workspace Client-side encryption

Addressing this challenge and adhering to the concept of ‘shared security’, Google allows users to opt for Google Workspace Client-side encryption and recommends the use of an external key manager and identity provider (IDP) to ensure that only authorised and authenticated individuals can access protected documents.

Google Workspace Client-side encryption enables service providers to host encrypted data but not decrypt it, protecting the user’s privacy. When a user retrieves their file, the corresponding data encryption key is decrypted using customer-provided keys only after the user has been authenticated with customer-controlled authentication.

Benefits of the joint solution

Google Workspace, a unified communications and collaboration solution, now provides enhanced privacy and confidentiality options with Google Workspace Client-side encryption (beta coming soon) by using the combination of Thales SafeNet Trusted Access and CipherTrust Cloud Key Manager.

This partnership enables enterprise customers to benefit from:

  • Improved security - reduce the risk of data breach and failure of non-compliance penalties by controlling access security and key management.
  • Smooth deployment - single vendor integration with Google Workspace ensures easy and quick deployment.
  • Superior user experience - users benefit from single-sign-on to Google Workspace and their other cloud services and apps.

Organisations in sectors like Government, Finance, Healthcare, and Manufacturing will be able to implement contextual access, enforce the appropriate level of authentication and offer smart single sign-on for users logging onto Google Workspace. The solution gives organisations the power to determine who and how to allow access to Google Workspace, and who can use encryption keys to access a Google Workspace file.

How the solution works

The diagram below provides a high-level overview of the joint solution.

SafeNet Trusted Access serves as an independent third party IDP and authenticates users to Google Workspace via a SAML integration. SafeNet Trusted Access implements a Zero Trust security model by enforcing strong and continuous authentication when users log into their Google service, enabling single-sign-on, and multifactor authentication to all resources. At the same time, CipherTrust Cloud Key Manager provides external key management and policy control to ensure that encrypted documents can only be accessed by authorised users.

Enhanced user experience with increased privacy and confidentiality. Accelerated digital transformation has caused organisations to leverage cloud-based apps and services to improve collaboration and productivity. These initiatives can be enhanced by security and encryption key management to help prevent adversaries from compromising sensitive data and disrupting business operations. On the other hand, security should not harm the user experience, otherwise employees will seek other less secure ways to access resources.

The combination of Thales SafeNet Trusted Access and CipherTrust Cloud Key Manager enables Google Workspace users to balance strong access security and effective key management with a superb user experience to enhance privacy and confidentiality.

You can learn more about how Thales enables enhanced privacy and confidentiality for Google Workspace Client-side encryption users by downloading the solution brief.